Google Fights E-Mail Privacy Group Suit It Calls Too Big

Google Inc. (GOOG), fighting claims that it
illegally scanned private e-mail messages, argues it shouldn’t
have to face a single lawsuit that lumps together hundreds of
millions of Internet users.

The world’s largest search-engine company contends a
nationwide grouping of people who sent or received messages
through its Gmail service over five years would “amalgamate an
unprecedented collection of individuals,” according to a filing
in federal court in San Jose, California.

The amount at stake could reach into the trillions of
dollars if, as the plaintiffs argue, each person is eligible for
damages of $100 a day for violations of the Electronic
Communications Privacy Act.

U.S. District Judge Lucy Koh heard arguments today over
whether to certify the case as a class action. Her ruling has
implications for e-mail privacy cases assigned to her that were
filed last year against Yahoo! Inc. and LinkedIn Corp. (LNKD), which
also have hundreds of millions of users. In each case, class-action status would allow plaintiffs to pool resources and put
greater pressure on defendants to settle.

Similarly giant cases have been brought against Facebook
Inc. (FB) and Hulu as Web users challenge how companies monetize
their data for the online advertising market that generated more
than $40 billion in the U.S. last year. Google, meanwhile, faces
another privacy case in San Francisco federal court brought on
behalf of everyone in the U.S. whose wireless Internet
connections were intercepted by company vehicles gathering
information for the Street View mapping service.

E-Mail Mining

The case before Koh today was brought in 2013 by users of
Gmail and other e-mail services from states including Texas,
Pennsylvania, Maryland and Florida, claiming Google intercepted,
read and mined the content of e-mail messages for targeted
advertising and to build user profiles.

Koh said she had less difficulty seeing how such a suit
could go forward for discernible groups of people using Internet
service providers, or educational organizations, that rely on e-mail powered by Gmail. She expressed skepticism about how
plaintiffs would verify birth dates and addresses for a reliable
group of non-Gmail users.

“We’re not a government agency of verifying birth dates,”
Koh said, referring to the court.

Michael Rhodes, a lawyer for Google, said it would be
impossible to build a case with a measurable “total mix of
information” each class member had about the company’s
scanning.

Disclosure Requirement

There’s no legal requirement that Google had to disclose
its scanning “in a particular way, at a particular time and
that we’re limited to that,” Rhodes said. “There’s no
proposition in the law that I have to give that level of
granularity.”

Sean Rommel, a lawyer representing the plaintiffs, told Koh
that he has “streamlined” the case by focusing on a device
Google has used to intercept e-mails called the “content one
box.” Google determined that the device couldn’t extract
information from e-mails that weren’t opened or deleted, or when
they were accessed by phones or through Outlook, Rommel said.

In 2010, Google moved the device from the storage end of e-mail services to the “delivery pipeline” to extract data
before users receive the messages, Rommel said.

“That’s the secret,” Rommel said. “It is factually
inaccurate to say that the location and the timing of that
interception is in the public record,” he said, referring to
Google’s disclosures about its scanning. “There is not a single
disclosure in the record that identifies, alerts, tells anybody
that there is an interception occurring. It’s not there, it
doesn’t exist.”

Steep Hurdle

The lawyers suing Google over e-mail scanning face “a very
steep hurdle” to proceed with a group case and the judge will
need to do a “rigorous analysis” to determine whether it’s
appropriate, Stanford Law School Professor Deborah Hensler said,
adding that only 10 percent to 20 percent of all cases filed as
class-actions are allowed to go forward.

Koh in September rejected Mountain View, California-based
Google’s bid to dismiss the case. In a rare early victory for
plaintiffs in an online privacy lawsuit, the judge rejected
Google’s argument that Gmail users agreed when they accepted
subscription service terms and privacy policies to let their
messages be scanned.

The plaintiffs now argue the case is “perfectly suited for
class treatment” because everyone affected by the e-mail
scanning has so much in common, from the “uniform nature” of
Google’s extraction of data in e-mails to the company’s
“uniform disclosures” about its privacy practices.

‘Indiscriminately Amass’

Companies often seek to avoid class actions, instead
attempting to fight plaintiffs one-by-one or in small groups,
forcing them to use their own financial resources to litigate.

Google contends that if the e-mail case gets group status,
it would “indiscriminately amass together virtually everyone in
the United States with a non-Gmail e-mail account, along with
large groups of the over 400 million people who use Gmail and
Google Apps,” according to a court filing.

The common ground needed for class-action status is missing
because the “many billions” of e-mails at issue raise “an
immense array of individualized evidence” over whether the
senders and recipients were aware of the automatic scanning,
Google said.

‘Common Issues’

Federal rules requires that the class be “clearly
definable and that common issues predominate over individual
differences among class members,” Hensler, the Stanford
professor, said in an e-mail.

“Arguably in a huge class there are more likely to be
differences among class members that would make certification
difficult,” she wrote. “In any event, certification is never a
sure thing.”

In 2011, the U.S. Supreme Court rejected class
certification for a lawsuit brought on behalf of more than 1.5
million female workers alleging discrimination in pay and
promotions at Wal-Mart (WMT) Stores Inc., the world’s largest
retailer. The court told the women they didn’t have enough in
common to sue the company as a monolithic class.

Wal-Mart Ruling

Google’s 31-page argument to Koh in the e-mail case cited
the high court’s Wal-Mart ruling three times.

If the Google case is given class status, “it could well
be” the largest ever, said Rick Wiebe, a San Francisco lawyer
who does privacy and class-action cases. While other group
lawsuits -- product injury, drug or medical device, and
shareholder cases -- have been litigated on behalf of tens of
millions of plaintiffs, Google may be the first involving
hundreds of millions, said Wiebe, who’s one of the lawyers in a
civil rights lawsuit challenging the Obama administration over
National Security Agency surveillance of telephone calls.

Plaintiffs’ lawyers are presenting the Google case as more
viable by organizing “sub-classes,” arguing that any
differences in the types of injury “clump themselves together
in a manageable fashion,” Wiebe said. Arguing for statutory
damages may also streamline the case, Wiebe said. By claiming
damages “that Congress has said everyone should get for a
violation, you don’t need individual proof of an injury,” he
said.

Neither the plaintiffs or Google have publicly disclosed
total estimates on the size of the class or potential damages.

Chris Hoofnagle, a law professor at the University of
California at Berkeley, said in an e-mail that while the Google
case is “very important,” courts “almost never award the full
amount of potential statutory damages in privacy cases.”

“Defendants in these cases often have mitigating
circumstances that reduce damage awards, and they argue that
extra-large awards violate their due process,” Hoofnagle said.

The case is In re Google Inc. Gmail Litigation, 13-md-02430, U.S. District Court, Northern District of California
(San Jose).